upgrade openSSH 7.2p in ubuntu 14.04

别那么骄傲 2021-02-14 04:12

I have a server running Ubuntu 14.04, but I have an issue with PCI requirements. I have installed in my server OpenSSH 6.6p1, then I upgraded it to OpenSSH 7.2p, compiling the c

6 answers
  •  情话喂你
    2021-02-14 04:46

    There are two answers already mentioning the recompile. The way they suggest it may not sound like a safe option if you are already connected with ssh. Also, they fail to suggest what to do with the OpenSSL 1.0.2 vs 1.1.0 issue, as by default ./configure finds the 1.1.0 version of OpenSSL on Ubuntu 14.04 LTS. To patch OpenSSL 7.7 sources to work with OpenSSL 1.1.0, here is a patch:

    http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html

    wget http://mirror.exonetric.net/pub/OpenBSD/OpenSSH/portable/openssh-7.7p1.tar.gz
    tar -zxvf openssh-7.7p1.tar.gz
    cd openssh-7.7p1
    wget http://www.linuxfromscratch.org/patches/blfs/svn/openssh-7.7p1-openssl-1.1.0-1.patch
    patch -Np1 -i ./openssh-7.7p1-openssl-1.1.0-1.patch
    

    And here comes the trick: you can have TWO SSHDs so you will not lose the current connection. We will install this other sshd to /opt and its config will be in /opt/etc

    ./configure --prefix=/opt
    make ## in the end make will write where it will install, double check everything will go to /opt
    make install
    nano /opt/etc/ssh/sshd_config
    

    Here edit the port: change it from 22 to, for example, 1888 (make sure the port is forwarded/opened/etc.)

    And now you can start the new sshd

    /opt/sbin/sshd
    

    Make sure on restart something (for example systemd) will start this other ssh too.

    The 2 sshds are now running simultaneously. You can try to connect with this newly built one. When done, you can safely remove the outdated and security update lacking openssh6.6 from apt, or at least stop the daemon and remove the daemon from startup.

    And you are one step closer to a secure system.
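
A pre-flight check for the two-daemon approach in the answer above, as an added example that is not part of the original answer: it confirms the new config listens on a different port from the packaged sshd and, when the new binary is present, runs it in test mode (`-t -f`). The function names and sample configs are constructed for illustration; only `Port` lines are compared, so a port set through `ListenAddress host:port` is not detected.

```sh
#!/bin/sh
# Added example: pre-flight check before starting a second sshd beside the
# packaged one. Function names and sample files are illustrative.

# Print the ports an sshd_config listens on. The keyword is case-insensitive,
# several Port lines are allowed, and sshd uses 22 when none is given.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeed only if the two configs share no listening port.
ports_disjoint() {
    old=$(sshd_ports "$1")
    new=$(sshd_ports "$2")
    for p in $new; do
        for q in $old; do
            if [ "$p" = "$q" ]; then
                echo "port $p is used by both configs" >&2
                return 1
            fi
        done
    done
    return 0
}

# Ports must differ and, if the new binary exists, its test mode (-t) must
# accept the new config (-f) before the daemon is started.
preflight() {
    old_cfg=$1; new_cfg=$2; new_sshd=$3
    ports_disjoint "$old_cfg" "$new_cfg" || return 1
    if [ -x "$new_sshd" ]; then
        "$new_sshd" -t -f "$new_cfg" || return 1
    else
        echo "skip: $new_sshd not found, config not syntax-checked" >&2
    fi
    return 0
}

# Constructed sample configs so the check runs offline.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo/old_sshd_config"
printf '%s\n' 'Port 1888' 'PermitRootLogin no' > "$demo/new_sshd_config"
printf '%s\n' 'port 22' > "$demo/clash_sshd_config"
preflight "$demo/old_sshd_config" "$demo/new_sshd_config" "$demo/sbin/sshd" \
    && echo "ports differ: new sshd can be started"
```

On the host from the answer, the arguments would be the packaged `/etc/ssh/sshd_config`, the new config under `/opt/etc` and `/opt/sbin/sshd`.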
